ABP same Network and Application Session Key for "n" devices


I would like to know if there is any problem with many devices using the same Network and Application Session Key, with different device addresses, in ABP mode.

It is against any recommendation. I would never advise re-using the same (session) keys.


I can see the security issue. Besides that, is there any other? The information is not really sensitive data. However, I would like to follow best practices, as we already have more than 200 devices.

Changing every (session) key in each deployed device will be hard work… =/

Security of your device payloads is probably a lesser concern. Malicious actors impersonating your devices, flooding your network with bad traffic, etc., are probably a bigger issue.


@brocaar and @bconway Thanks a lot. In my head, as I set different device addresses and my network is private, I was not going to have this kind of issue.

My device address is set up as my ESP32 chip address.

I think I could avoid it using OTAA activation; however, I'm really worried about the profile consumption in this mode, as it needs to join every time it sends a payload.

Can you give me any recommendations or documents that could help me do this in a scalable way?

There is no need to join each time that it sends a payload. A device should only join when it is turned on, and then maintain the security-context in its memory.
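
For a fleet that stays on ABP, the key re-use discussed in this thread can be audited and replaced without hand-managing hundreds of random keys. The following is an added example, not part of any post above and not ChirpStack or LoRaWAN-specified code: it flags session keys shared across devices and derives per-device keys with HMAC-SHA256 from a provisioning-side master secret. The derivation scheme, the function names, the inventory layout and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: three ABP devices provisioned with one shared key pair.
SHARED_NWK = "00112233445566778899aabbccddeeff"
SHARED_APP = "ffeeddccbbaa99887766554433221100"
LEGACY = [{"DevAddr": a, "NwkSKey": SHARED_NWK, "AppSKey": SHARED_APP}
          for a in ("26011a01", "26011a02", "26011a03")]
# Constructed master secret; in practice random, and kept only on the provisioning host.
MASTER = bytes.fromhex("a1" * 32)


def find_reused_keys(inventory):
    """Return {key_hex: [DevAddr, ...]} for every session key used by more than one device."""
    seen = defaultdict(set)
    for dev in inventory:
        for field in ("NwkSKey", "AppSKey"):
            seen[dev[field].lower()].add(dev["DevAddr"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def derive_session_keys(master, dev_addr):
    """Derive a distinct 128-bit NwkSKey and AppSKey for one DevAddr (assumed scheme)."""
    addr = bytes.fromhex(dev_addr)
    if len(addr) != 4:
        raise ValueError("DevAddr must be 4 bytes (8 hex characters)")
    keys = {"DevAddr": dev_addr}
    for label in ("NwkSKey", "AppSKey"):
        # The label separates the two keys; the DevAddr separates devices.
        mac = hmac.new(master, label.encode() + b"|" + addr, hashlib.sha256)
        keys[label] = mac.digest()[:16].hex()
    return keys


def rekey(inventory, master):
    """Build a replacement inventory with per-device keys."""
    return [derive_session_keys(master, dev["DevAddr"]) for dev in inventory]


if __name__ == "__main__":
    print("reused before:", find_reused_keys(LEGACY))
    fleet = rekey(LEGACY, MASTER)
    print("reused after: ", find_reused_keys(fleet))
    for dev in fleet:
        print(dev)
```

Only the derived keys are flashed to each device and registered on the network server; the master secret never leaves the provisioning host, so extracting the keys from one device does not reveal the keys of any other.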